file.post_update.php

<?php


/**
 * @file
 * Post update functions for File.
 */
use Drupal\Core\Config\Entity\ConfigEntityUpdater;
use Drupal\Core\File\FileSystemInterface;
use Drupal\field\Entity\FieldConfig;
use Drupal\file\Plugin\Field\FieldType\FileItem;

/**
 * Add txt to allowed extensions for all fields that allow uploads of insecure files.
 */
function file_post_update_add_txt_if_allows_insecure_extensions(&$sandbox = NULL) {
    if (\Drupal::config('system.file')->get('allow_insecure_uploads')) {
        return t('The system is configured to allow insecure file uploads. No file field updates are necessary.');
    }
    $updater = function (FieldConfig $field) {
        // Determine if this field uses an item definition that extends FileItem.
        if (is_subclass_of($field->getItemDefinition()
            ->getClass(), FileItem::class)) {
            $allowed_extensions_string = trim($field->getSetting('file_extensions'));
            $allowed_extensions = array_filter(explode(' ', $allowed_extensions_string));
            if (in_array('txt', $allowed_extensions, TRUE)) {
                // Since .txt is specifically allowed, there's nothing to do.
                return FALSE;
            }
            foreach ($allowed_extensions as $extension) {
                // Allow .txt if an insecure extension is allowed.
                if (preg_match(FileSystemInterface::INSECURE_EXTENSION_REGEX, 'test.' . $extension)) {
                    $allowed_extensions_string .= ' txt';
                    $field->setSetting('file_extensions', $allowed_extensions_string);
                    return TRUE;
                }
            }
            return FALSE;
        }
    };
    \Drupal::classResolver(ConfigEntityUpdater::class)->update($sandbox, 'field_config', $updater);
}